1. Field of the Invention
The present invention relates to a microprocessor capable of preventing illegal alteration of execution codes and processing target data under a multi-task program execution environment, and a multi-task execution method and a multi-thread execution method using such a microprocessor.
2. Description of the Related Art
In the open systems that are widespread today, information on the hardware of a general-user computer such as a PC, and on the system program called the OS, is disclosed, and any desired improvement can be made by modifying the system program.
Under such circumstances, in order to guarantee copyright protection for the data handled by application programs, or for the programs themselves, there is a need for hardware based on the presumption that the OS of the system can carry out hostile operations against applications. Such hardware has been proposed especially in the form of a microprocessor (see commonly assigned co-pending U.S. patent application Ser. Nos. 09/781,158 and 09/781,284; and Lie et al., “Architectural Support for Copy and Tamper Resistant Software”, Computer Architecture News 28(5), pp. 168-). Such a microprocessor has a function for encrypting a program and the data handled by that program under the multi-task environment in order to protect them from being read (peeping) and from alteration. In the following, such a microprocessor will be referred to as a tamper resistant microprocessor.
A mechanism for protecting three elements (program, context, data) constituting an application program by encrypting them outside the processor has been disclosed in commonly assigned co-pending U.S. patent application Ser. Nos. 09/781,158 and 09/781,284. In this prior art, information on the three elements that are encrypted on an external memory will be processed in a decrypted state in a cache memory and processor registers inside the processor.
In order to protect information strictly, there is a need for a mechanism by which information read into the processor and maintained in a plaintext state as a result of the operation of a program A will not be read out by the OS or another program B.
Here, the first presumption is that the program is to be identified by an encryption key used in encrypting instructions of the program. For example, when one program A is encrypted by using an encryption key Ka, the basic requirement imposed on the tamper resistant microprocessor is that three elements (program, context, data) of the program A cannot be read out by a plaintext program B or a program C encrypted by using another encryption key Kc. For the program A, by distributing the program encrypted by using that encryption key Ka that is known only to the program provider and maintaining the encryption key Ka in secret, it is possible to distinguish the program A from the other programs of the other program providers. In the following, the encryption key Ka of instructions of the program A will be referred to as an “instruction key” of the program A.
As a mechanism for realizing this basic requirement, it is efficient to utilize the access control mechanism using a conventionally existing tag memory of the processor, as disclosed in commonly assigned co-pending U.S. patent application Ser. No. 09/984,407.
However, in the conventional system, the tag management is entrusted to the OS. Yet in the tamper resistant processor system, the tag management must be carried out by a hardware or software mechanism that is incorporated inside the processor in advance so that the alteration by the user is difficult, rather than by a software OS for which the alteration by the user is possible.
Because such a mechanism is to be incorporated inside the processor, it is preferable to make the mechanism as simple as possible in order to keep the processor inexpensive, and to make its processing as simple as possible in order to keep the overhead due to the tag management small. Also, the tag management must be carried out without causing any violation or contradiction in view of the above described basic requirement, regardless of whether the tag management is placed before or after the key value rewriting operation that becomes necessary in order to re-utilize tags, which are finite resources.
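The tag re-utilization hazard described above can be seen in a small software model, added here as an illustration and not taken from the cited applications. The table sizes, the function names, and the choice to invalidate lines on rebinding are all assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_TAGS  4   /* tags are a finite resource (constructed size) */
#define NUM_LINES 8

typedef struct { int valid; uint8_t tag; uint32_t plaintext; } line_t;

static uint64_t key_table[NUM_TAGS]; /* tag -> instruction key; 0 = unbound */
static line_t   cache[NUM_LINES];

/* Decrypt-on-fill: only a tag with a bound key can own plaintext in the cache. */
int fill_line(int idx, uint8_t tag, uint32_t value) {
    if (tag >= NUM_TAGS || key_table[tag] == 0) return -1;
    cache[idx] = (line_t){ 1, tag, value };
    return 0;
}

/* Basic requirement: plaintext is returned only to the task owning the tag. */
int read_line(int idx, uint8_t current_tag, uint32_t *out) {
    if (!cache[idx].valid || cache[idx].tag != current_tag) return -1;
    *out = cache[idx].plaintext;
    return 0;
}

/* Unsafe reuse: key value rewritten while the old owner's lines stay tagged. */
void rebind_tag_unsafe(uint8_t tag, uint64_t new_key) { key_table[tag] = new_key; }

/* Safe reuse: invalidate every line carrying the tag, then rewrite the key.
   (Assumption: a real design would encrypt and write back dirty lines first.) */
int rebind_tag_safe(uint8_t tag, uint64_t new_key) {
    int flushed = 0;
    for (int i = 0; i < NUM_LINES; i++)
        if (cache[i].valid && cache[i].tag == tag) {
            memset(&cache[i], 0, sizeof cache[i]);
            flushed++;
        }
    key_table[tag] = new_key;
    return flushed;
}

int main(void) {
    uint32_t v = 0;
    rebind_tag_safe(1, 0xA);                 /* program A gets tag 1, key Ka */
    fill_line(0, 1, 0xC0FFEE);               /* A's plaintext enters the cache */
    printf("OS (tag 0) read: %d\n", read_line(0, 0, &v));
    rebind_tag_unsafe(1, 0xC);               /* tag 1 handed to program C */
    printf("C after unsafe rebind: %d\n", read_line(0, 1, &v));
    printf("flushed on safe rebind: %d\n", rebind_tag_safe(1, 0xC));
    printf("C after safe rebind: %d\n", read_line(0, 1, &v));
    return 0;
}
```

In the model, the unsafe rebind lets the new holder of tag 1 read the previous owner's plaintext, which is exactly the violation of the basic requirement that correct ordering of tag management and key rewriting must rule out.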
Also, regarding the overhead, there is the viewpoint of the processing speed of the overall system and the viewpoint of the response time when activating or switching a process, and the overhead must be made small from both of these viewpoints. In addition, conventionally, the public key decryption processing for acquiring a key for decrypting instructions and the decryption and execution of the program using the acquired key have been carried out by a single instruction. In a general processor, an exception cannot be accepted during the execution of an instruction. For example, 1024-bit public key decryption processing requires 1 msec or more even on the currently fastest hardware. This is considerably longer than the tens of μsec that is the required response performance of the real-time processing generally used today, so it can lower the real-time response performance of the system.